diff options
| author | Daniil Baturin <daniil@vyos.io> | 2023-12-21 15:32:36 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-21 15:32:36 +0000 |
| commit | c9b71b0669924da41dc50632bdcaed710f03d4d7 (patch) | |
| tree | 30a3eada0c894fb0ff07f83b360f9535c5d43627 /src/conf_mode/vrf.py | |
| parent | 5c91424daafbee512f7c87caa418cd05f0bc4633 (diff) | |
| parent | 0ee2f8285c81878687a9f92e6a3b0f10c4d75584 (diff) | |
| download | vyos-1x-c9b71b0669924da41dc50632bdcaed710f03d4d7.tar.gz vyos-1x-c9b71b0669924da41dc50632bdcaed710f03d4d7.zip | |
Merge pull request #2674 from vyos/mergify/bp/sagitta/pr-2663
srv6: T591: enable SR enabled packet processing on defined interfaces (backport #2663)
Diffstat (limited to 'src/conf_mode/vrf.py')
| -rwxr-xr-x | src/conf_mode/vrf.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 37625142c..9b1b6355f 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -214,6 +214,18 @@ def apply(vrf): # Delete the VRF Kernel interface call(f'ip link delete dev {tmp}') + # Enable/Disable VRF strict mode + # When net.vrf.strict_mode=0 (default) it is possible to associate multiple + # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a + # table can be associated to a single VRF device. + # + # A VRF table can be used by the VyOS CLI only once (ensured by verify()), + # this simply adds an additional Kernel safety net + strict_mode = '0' + # Set to 1 if any VRF is defined + if 'name' in vrf: strict_mode = '1' + sysctl_write('net.vrf.strict_mode', strict_mode) + if 'name' in vrf: # Separate VRFs in conntrack table # check if table already exists |